MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

28.1.10

Automation in creating exploits II

Exploiting vulnerabilities is now one of the most widely used infection strategies in the crimeware scene, and while exploiting weaknesses is not a new concept, the fact is that such actions are increasingly notorious.

In fact, a large number of vulnerabilities, many of them patched more than two years ago, continue to be exploited, especially through exploit packs.

However, when these vulnerabilities are 0-day, the problem grows. Take the case of "Operation Aurora", which has recently been in the news for exploiting a 0-day vulnerability in Internet Explorer 6. Yes, you read that right... Internet Explorer 6. And it is currently being used to spread malware en masse, not only through version 6 but also on versions 7 and 8.

The vulnerability is identified as CVE-2010-0249, and as happened with the vulnerability exploited by the Conficker worm (MS08-067), whose exploitation was also automated, a builder has recently appeared that automates the creation of the exploit for Internet Explorer, in the extremely simple fashion that is common in such applications.

This application is Chinese and only lets you configure the web address from which it attempts to exploit the weakness in the browser. It then generates a file called IE.html containing the exploit code and the URL used for the attack, which is obfuscated.

As a relevant aside, the exploit generated (embedded in the HTML) is detected by less than 40% of the antivirus engines reporting to VirusTotal, while the builder itself is detected by even fewer: around 25%.

On the other hand, the automation of exploits opens a gap that reveals how many operations "disguised" as simple attacks, as part of a distraction campaign, are closely related to intelligence affairs.

Related Information
Automation in creating exploits
Automation of anti-analysis processes II
Automation of anti-analysis processes through crimeware

Jorge Mieres

2 comments:

Zuk said...

Nice blog,
I will be keeping an eye on it.
Itzhak Avraham
http://imthezuk.blogspot.com

Jorge Mieres said...

Thanks bro! :)
